Posted by: David Harley | September 12, 2017

Blackberry losing the security plot?

Andrew Orlowski for The Register: BlackBerry admits: We could do better at patching – Still the most secure Android? It won’t get last year’s update

Not quite as bad as it sounds, but a bit of a comedown for a company that always prided itself on its security record…

David Harley

Posted by: David Harley | August 24, 2017

Insecure macOS API. Still.

Michael Mimoso for Kaspersky ThreatPost: DEPRECATED, INSECURE APPLE AUTHORIZATION API CAN BE ABUSED TO RUN CODE AT ROOT.  Quote from the blog:

A deprecated Apple authorization API, invoked by third-party installers, is still developers’ preferred choice for updating apps and services on macOS … The situation is known and was raised again last month during DEF CON by noted Mac security researcher Patrick Wardle, chief security researcher at Synack.

David Harley

Posted by: David Harley | August 11, 2017

SMS touch – plain(text)ly an issue

David Bisson for Graham Cluley’s blog: SMS touch a security and privacy nightmare for iOS users – “Plaintext data transmissions make $1.99 app a spoofer’s delight…”

David Harley



Posted by: David Harley | August 11, 2017

Mugthesec Mac adware

Zeljka Zorz for Help Net Security: Stealthy Mughthesec Mac adware exposed: What it does, how to protect yourself.

Original analysis by Patrick Wardle: WTF is Mughthesec!? › poking on a piece of undetected adware

I wish people would include file hashes as text as well as screenshots: it’s a little exasperating having to type a hash like 9c4f74feff131fa93dd04175795f334649ee91ad7fce11dc661231254e1ebd84 from a screenshot in order to make use of it for further research. Much less error-prone if you can copy and paste a text string. 😉

Anyway, VirusTotal currently reports that two companies now detect that adware.


David Harley

Posted by: David Harley | August 10, 2017

Android Patches

Or as The Register puts it: It’s August 2017 and your Android gear can be pwned by, oh look, just patch the things – Google addresses dozens of security flaws in mobile platform

Android’s own security bulletin is here.

David Harley

Posted by: David Harley | August 8, 2017

AV-Comparatives Mac Security Review

AV-C’s Mac Security Test and Review report, July 2017:

Mac Reviews / Tests

Includes testing of the following:

Avast Mac Security
AVG AntiVirus for Mac
Avira Antivirus Pro for Mac
Bitdefender Antivirus for Mac
BitMedic AntiVirus
ESET Cyber Security Pro
Intego Mac Premium Bundle X9
Kaspersky Internet Security for Mac
Webroot SecureAnywhere Internet Security Complete

David Harley

Posted by: David Harley | August 1, 2017

Pre-Installed Android Trojan

The Trojan Dr. Web calls Android.Triada.231 comes pre-installed (but not for your convenience) in the firmware of a number of Android mobile devices ‘ including Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20.’

For Graham Cluley’s blog, David Bisson points out that ‘The security firm has contacted the manufacturers with the request that they push out updates to the affected devices…But as we all know by now, updates are too few and far between on too many Android devices.’

David Harley

Posted by: David Harley | July 25, 2017

Return of the Fruitfly

Well, personally, I’m more bothered with flying ants right now, but quite a few users of macOS/OS X are unsurprisingly concerned right now about the resurgent Fruitfly backdoor/spyware, the subject of an upcoming Black Hat presentation by Synack researcher Patrick Wardle that has attracted a great deal of attention:  Offensive Malware Analysis: Dissecting OSX/Fruitfly via a custom C&C Server. I talked (briefly) about an earlier iteration of the Fruitfly/Quimitchin malware  in January.

Further commentary:

Wardle told Mashable that ‘the entire Fruitfly malware net appears to be shut down at this time.’

David Harley

Posted by: David Harley | July 20, 2017

Skycure pessimistic about iOS

John Leyden is slightly sceptical of Skycure’s pessimism as regards iOS breaches and vulnerabilities: Martijn Grooten of Virus Bulletin even more so. “Android malware is still far more common. The whole report looks like the authors are desperate to make iOS security sound as bad as possible.”

The article: No one still thinks iOS is invulnerable to malware, right? Well, knock it off – As platform’s popularity continues to rise, so does its allure to miscreants 

Skycure’s report  here,

David Harley

Posted by: David Harley | July 20, 2017

Apple Updates

David Harley

Older Posts »